Date: Sun, 26 Nov 2017 15:37:49 -0500
From: Leo Famulari <>
Subject: Re: RCE in Exim reported

On Sat, Nov 25, 2017 at 06:50:31PM -0500, Phil Pennock wrote:
> :
>   Use-after-free remote-code-execution
>   CVE-2017-16943
> :
>   stack-exhaustion remote DoS
>   CVE-2017-16944
> Fix for the former has been confirmed by the reporter and is in git.
> The `exim-4_89+fixes` branch used by various OS packagers for major
> bug-fixes on top of the 4.89 release has the UAF fix backported.  Work
> on the DoS is under way.

FYI, clicking on the commits from this page just gives the error

400 - Invalid hash parameter

But the commit in question can be viewed here:
